You are here

hAP dropping LAN packets if there is a DtD connection

3 posts / 0 new
Last post
K6CCC
K6CCC's picture
hAP dropping LAN packets if there is a DtD connection

First a little background.  From my house there is not an AREDN path to anything.  My only connection from home is a tunnel to a node at my office which in turn has a great RF path to the local network.  At home I have a Mikrotik RB952Ui-5ac2nD (hAP ac Lite) that provides me local AREDN access to the network via the tunnel.  To keep the story short, I have discovered that if there is a LAN connection between port 5 of the hAP (the DtD port) and the switch, then the LAN connection is dropping A LOT of packets - about 40% of pings fail.  This is 100% repeatable.  Originally I determined what was going on using nightly build 942, but I updated the hAP to nightly build 960 to see if that helped.  There was no change.  Here is a description of my LAN and a link to a drawing extract:

hAP port 1 (WAN port) connected to Mikrotik CSS326 managed switch port 18 - configured for VLAN 1 untagged (AREDN WAN)
hAP port 2 (LAN port) connected to Mikrotik CSS326 managed switch port 20 - configured for VLAN 5 untagged (AREDN LAN)
hAP port 5 (DtD port) connected to Mikrotik CSS326 managed switch port 16 - configured for VLAN 2 tagged (AREDN DtD)
 - Note that the port 5 connection is a custom cable that only passes the data wires and NOT the POE wires between the hAP and the switch.

Family room PC 2nd LAN port (AREDN) connected to Mikrotik CSS326 managed switch port 10 - configured for VLAN 5 untagged (AREDN LAN)

VLANs 1 & 5 are also routed via a VLAN trunk on port 3 to the garage data cabinet into another CSS326 managed switch.  In the data cabinet, VLAN 1 connects to one of my routers to gain internet access, and VLAN 5 connects to a RasPi that is running MeshChat.

Port 22 of the Family room CSS326 switch is a trunk port for an additional AREDN node that uses a single port - although there is nothing connected to it.
Port 24 of the Family room CSS326 switch is a trunk port to a Part 15 NanoStation M5 that goes to a nearby radio site to provide internet to that site.

There are no active ports on VLAN 2 on the Family room switch other than the hAP.  As soon as there is an active LAN connection between the hAP port 5 and and the switch, the LAN port (hAP port 2) starts dropping pings.

For my tests, I was pinging from the Family room PC to the hAP on either the WiFi address (using the node name) or by pinging the LAN IP address.  I was also pinging the node at my office and observed dropped pings from there at the same time as dropped pings to the local node (as expected).

The last test was to connect an AREDN node (Mikrotik RBLHG-5nD) to port 22 so that there was something to provide a DtD connection to the hAP.  Again when I enabled port 16 (the DtD LAN) in the Family room switch, the LAN started dropping pings.

Here is the LAN drawing extract:
http://k6ccc.org/AREDN/AREDN-extract.png

I am also posting this to github.
 

AJ6GZ
Hmm

I believe all 3 VLANs are present on Port 5 since it's designed to connect another node. Someone correct if wrong and it's just VLAN2 ??

Let's start at the bottom and look for a layer 2 loop. Look in the switch log and check if it is reporting anything (MAC addr on more than one port, etc). Are the activity lights going crazy a few seconds after it's plugged in? Check the packet/sec levels on all of the switch ports connected to the hAP and for CPU spikes on the switch. I would make sure everything but tagged VLAN2 is explicitly dropped from interface 16, including untagged packets both in & out.

Also be aware that VLAN1 can make its way onto VLAN trunks in an unpredicable way even if the config looks right. I always translate it to some other VLAN to gain positive control of it.

Ian

K6CCC
K6CCC's picture
Pretty sure that only VLAN 2

Pretty sure that only VLAN 2 is present on port 5.  Only VLAN 2 is required for a DtD link

There have been some updates over on the github post on this subject.  There is not a loop.  Joe has a couple suggestions to try that I will test this evening.

As for VLAN, I agree that using VLAN 1 was a poor choice
 

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer